
Middleware for Python Graphene to disable introspection

Project description

Graphene Middleware to Disable Introspection


This middleware for Python's Graphene library disables introspection queries, enhancing the security of your GraphQL API by preventing clients from discovering the schema. Disabled fields will return [disabled] as their value.

Installation

To install the middleware, you can use pip:

pip install graphene-disable-introspection

Usage

To use the middleware in your Graphene project, add it to your GraphQL schema. It works in Django projects and in plain Python projects.

Django Usage

Add the middleware to your Django settings. I recommend adding it to the top of the middleware list.

GRAPHENE = {
    # ... your other Graphene settings ...
    "MIDDLEWARE": [
        "graphene_disable_introspection.middleware.DisableIntrospectionMiddleware",
        # ... your other middleware ...
    ],
}

Alternatively, you can deactivate Graphene introspection for the production system only.

import os

if os.environ.get("APP_SETTINGS") == "production":
    GRAPHENE["MIDDLEWARE"].insert(0, "graphene_disable_introspection.middleware.DisableIntrospectionMiddleware")

Python Usage

Import the middleware and add it to your schema.

from graphene_disable_introspection.middleware import DisableIntrospectionMiddleware

GraphqlView.as_view(middleware=[DisableIntrospectionMiddleware()])

Configuration

DISABLED_INTROSPECTION_TYPES

(default: ["__schema", "__type", "__typename"])

The middleware will disable introspection queries for the types listed in the DISABLED_INTROSPECTION_TYPES list. You can customize this list by overriding this variable in your settings. The values in the list have to start with __ and are case-sensitive.

e.g.

DISABLED_INTROSPECTION_TYPES = ["__schema", "__directive"]

Example

Here is an example of how an introspection query will be handled:

{
  __schema {
    queryType {
      name
    }
  }
}

If __schema is in the DISABLED_INTROSPECTION_TYPES list, the response will be:

{
  "data": {
    "__schema": "[disabled]"
  }
}
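
To confirm after deployment that the middleware is active, a smoke test can send a probe query and check that every disabled field came back as [disabled]. The following is an added example, not code from this package: the names leaked_fields, PROBE_QUERY and the sample responses are hypothetical, the responses are constructed, and sending the query over HTTP is left to your test client.

```python
DISABLED_MARKER = "[disabled]"  # value the page says disabled fields return
DISABLED_INTROSPECTION_TYPES = ["__schema", "__type", "__typename"]  # page default

# Probe for a smoke test (hypothetical). It uses no aliases, so the keys in the
# response are the introspection field names themselves.
PROBE_QUERY = '{ __schema { queryType { name } } __type(name: "Query") { name } __typename }'


def leaked_fields(response, disabled=DISABLED_INTROSPECTION_TYPES):
    """Return dotted paths of disabled fields that came back with real data."""
    leaks = []

    def walk(node, path):
        if isinstance(node, dict):
            for key, value in node.items():
                here = path + [key]
                if key in disabled:
                    if value != DISABLED_MARKER:
                        leaks.append(".".join(here))
                    continue  # never descend into an introspection payload
                walk(value, here)
        elif isinstance(node, list):
            for index, item in enumerate(node):
                walk(item, path + [str(index)])

    # An error-only response carries "data": null, which leaks nothing.
    walk(response.get("data") or {}, [])
    return leaks


# Constructed sample responses, not captured from a real server.
PROTECTED = {"data": {"__schema": "[disabled]"}}
UNPROTECTED = {
    "data": {
        "__schema": {"queryType": {"name": "Query"}},
        "users": [{"__typename": "User", "id": "1"}],
    }
}
ERROR_ONLY = {"data": None, "errors": [{"message": "constructed error"}]}

if __name__ == "__main__":
    for label, resp in (("protected", PROTECTED), ("unprotected", UNPROTECTED)):
        print(label, leaked_fields(resp))
```

Pass the same list you set in DISABLED_INTROSPECTION_TYPES as the second argument, so the check matches your configuration.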

License

This project is licensed under the GPL-3.0 License.


Download files


Source Distribution

graphene_disable_introspection-0.2.tar.gz (16.1 kB view details)

Uploaded Source

File details

Details for the file graphene_disable_introspection-0.2.tar.gz.

File metadata

File hashes

Hashes for graphene_disable_introspection-0.2.tar.gz
Algorithm Hash digest
SHA256 c8fa57674b04e757f47d0e3048f208f0acab6e9dc8866f7e19b180df94f6ff4e
MD5 9ee3f3ff78a60d14809d29b2f80c06a5
BLAKE2b-256 86daf71a8578e4bc6635cc75bc1ce0ccd8b7acf6848d97b4bfa9ae101268d99b
